ID

VAR-201905-1186


CVE

CVE-2019-0982


TITLE

ASP.NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003823

DESCRIPTION

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. An attacker can exploit this issue to cause a denial of service condition

Trust: 3.06

sources: NVD: CVE-2019-0982 // JVNDB: JVNDB-2019-003823 // CNVD: CNVD-2020-20378 // CNNVD: CNNVD-201905-393 // BID: 108208 // VULMON: CVE-2019-0982

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20378

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.2

Trust: 2.7

vendor:microsoftmodel:asp.net corescope:eqversion:2.1

Trust: 2.7

sources: CNVD: CNVD-2020-20378 // BID: 108208 // JVNDB: JVNDB-2019-003823 // NVD: CVE-2019-0982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0982
value: HIGH

Trust: 1.0

NVD: CVE-2019-0982
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-20378
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-393
value: HIGH

Trust: 0.6

VULMON: CVE-2019-0982
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0982
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-20378
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-0982
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-20378 // VULMON: CVE-2019-0982 // JVNDB: JVNDB-2019-003823 // CNNVD: CNNVD-201905-393 // NVD: CVE-2019-0982

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.8

sources: JVNDB: JVNDB-2019-003823 // NVD: CVE-2019-0982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-393

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-393

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003823

PATCH

title:CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982

Trust: 0.8

title:CVE-2019-0982 | ASP.NET Core のサービス拒否の脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0982

Trust: 0.8

title:Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-20378)url:https://www.cnvd.org.cn/patchInfo/show/211635

Trust: 0.6

title:Microsoft ASP.NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92543

Trust: 0.6

title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019

Trust: 0.1

sources: CNVD: CNVD-2020-20378 // VULMON: CVE-2019-0982 // JVNDB: JVNDB-2019-003823 // CNNVD: CNNVD-201905-393

EXTERNAL IDS

db:NVDid:CVE-2019-0982

Trust: 3.4

db:BIDid:108208

Trust: 1.0

db:JVNDBid:JVNDB-2019-003823

Trust: 0.8

db:CNVDid:CNVD-2020-20378

Trust: 0.6

db:CNNVDid:CNNVD-201905-393

Trust: 0.6

db:VULMONid:CVE-2019-0982

Trust: 0.1

sources: CNVD: CNVD-2020-20378 // VULMON: CVE-2019-0982 // BID: 108208 // JVNDB: JVNDB-2019-003823 // CNNVD: CNNVD-201905-393 // NVD: CVE-2019-0982

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0982

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-0982

Trust: 1.4

url:https://www.securityfocus.com/bid/108208

Trust: 1.3

url:http://www.microsoft.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0982

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2019/at190023.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/19.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108208

Trust: 0.1

sources: CNVD: CNVD-2020-20378 // VULMON: CVE-2019-0982 // BID: 108208 // JVNDB: JVNDB-2019-003823 // CNNVD: CNNVD-201905-393 // NVD: CVE-2019-0982

CREDITS

Microsoft.

Trust: 0.9

sources: BID: 108208 // CNNVD: CNNVD-201905-393

SOURCES

db:CNVDid:CNVD-2020-20378
db:VULMONid:CVE-2019-0982
db:BIDid:108208
db:JVNDBid:JVNDB-2019-003823
db:CNNVDid:CNNVD-201905-393
db:NVDid:CVE-2019-0982

LAST UPDATE DATE

2024-08-14T15:12:48.468000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-20378date:2020-03-31T00:00:00
db:VULMONid:CVE-2019-0982date:2019-05-20T00:00:00
db:BIDid:108208date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003823date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-393date:2019-05-24T00:00:00
db:NVDid:CVE-2019-0982date:2019-05-20T12:38:21.333

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-20378date:2020-03-31T00:00:00
db:VULMONid:CVE-2019-0982date:2019-05-16T00:00:00
db:BIDid:108208date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003823date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-393date:2019-05-14T00:00:00
db:NVDid:CVE-2019-0982date:2019-05-16T19:29:05.083